Unrestricted File Upload Vulnerability in e-Vision CMS by Szava Gyula and Csaba Tamas
CVE-2006-5016

Currently unrated

Key Information:

Vendor: E-vision

CVE Published: 27 September 2006

What is CVE-2006-5016?

The e-Vision CMS developed by Szava Gyula and Csaba Tamas contains an unrestricted file upload vulnerability in the admin/x_image.php script. This issue permits remote attackers to upload arbitrary files to the /imagebank directory, potentially leading to further exploitation of the system. The ability to upload unrestricted files poses significant security risks, including the possible execution of malicious scripts on the server. Implementing strict input validation and file type checks is essential to mitigate such vulnerabilities.

EPSS Score

5% chance of being exploited in the next 30 days.
